connect university summer school 2019 · 5 connect university summer school 2019 cybersecurity in...
TRANSCRIPT
1
CONNECT UNIVERSITY SUMMER SCHOOL 2019CYBERSECURITY IN AN AGE OF D IG ITAL TRANSFORMATION
2
L E A R N . D I S C O V E R . S H A R E . C O N N E C T .
FLORIN LUPESCU, DEAN OF THE CONNECT UNIVERSITY
"CONNECT University achieved to be a meaningful Institution of the European Commission in the field of sharing knowledge and building cooperation."
3
W H A T I S C O N N E C T U N I V E R S I T Y ?The CONNECT University is an initiative of the European Commission’s Directorate General on Communication Networks, Content and Technologies (DG CONNECT) which aims to inform about the latest digital trends and challenges which are highly linked with EU’s relevant policies and serve as a platform for sharing knowledge through thematic discussions, workshops and seminars.CONNECT University is where disruptors from the world of technology come to discuss the Future of Digital. In its role as a knowledge and debate forum meant to stir interest and debate on all things digital, CONNECT University is among the top European Commission’s initiatives that can
bring together practitioners, industry, academia and policy makers from across EU institutions.
W H A T I S T H E C O N N E C T U N I V E R S I T Y S U M M E R S C H O O L 2 0 1 9 A B O U T ?
From 24th of June until 5th of July 2019, the fourth edition of the CONNECT University Summer School (CUSS19) takes place, with cybersecurity as overarching topic. It is a top-class learning opportunity, allowing participants to get cutting-edge insights on the technical, policy, economical, and societal aspects of cybersecurity and digital privacy. More than 35 high level cybersecurity experts will share with you their knowledge and innovative ideas and discuss upcoming
cybersecurity challenges for Europe.
The shift to a highly connected and digitised world brings not only new opportunities, but also new cybersecurity challenges. Today the cyber threat landscape is constantly changing and evolving. In order to secure our digital economy and society we all need to advance our cybersecurity competencies and adopt a lifelong learning approach. Especially, policy makers and technology
players need to be well informed about cybersecurity.
In this vein, the CONNECT University Summer School 2019 (CUSS19) is dedicated to cybersecurity. Through our programme we seek to inform you about the latest news, trends and challenges
around cybersecurity and digital privacy.
4
D I S C O V E R O U R P R O G R A M M E
5
C O N N E C T U N I V E R S I T Y S U M M E R S C H O O L 2 0 1 9C Y B E R S E C U R I T Y I N A N A G E O F D I G I T A L T R A N S F O R M A T I O N
DAY I: 24.06.2019, 09:30-11:30 (DG CONNECT, BU 25 0/S1)
Introductory session: Rethinking cybersecurity in the digital transformation ageModerator: Despina Spanou, Director for Digital Society, Trust and Cybersecurity, DG CONNECT, European Commission• Roberto Viola, Director General DG CONNECT• Angelos Keromytis, Professor, Georgia Research Alliance Eminent Scholar, and John
H. Weitnauer, Jr. Chair at the Georgia Institute of Technology, School of Electrical andComputer Engineering
• Vincent Rijmen, Professor, KU Leuven, Belgium
DAY II: 25.06.2019, 10:00-12:00 (BERLAYMONT, ROOM: WALTER HALLSTEIN)
Session 1: International cybersecurity challengesModerator: Despina Spanou, Director for Digital Society, Trust and Cybersecurity, DG CONNECT, European Commission• Khalil Rouhana, Deputy Director General DG CONNECT• Bart Preneel, Full Professor at the Dept. Electrical Eng.-ESAT of the KU Leuven• Oleg Brodt, R&D Director for Deutsche Telekom Innovation Labs Israel; and Chief Innovation
Officer for Cyber@Ben-Gurion University
DAY III: 26.06.2019 (BERLAYMONT, ROOM: WALTER HALLSTEIN)
Commissioner Mariya Gabriel: Recapping European Commission’s cybersecurity and privacy initiatives (10:00-10:20)
Session 2: Digital privacy in a data-driven world (10:20-12:45)Moderator: Despina Spanou, Director for Digital Society, Trust and Cybersecurity, DG CONNECT, European Commission• Athena Bourka, NIS Expert - Data Protection Officer, ENISA• Ljubica Pendaroska, Ethics Expert & Data Protection Officer, Horizon2020 RePAST project• Farzaneh Far Ali, PhD, Imperial College London
Session 3: Protecting our digital identity and privacy in a hyper-connected world (14:00-16:00) Moderator: Pierre Chastanet, Head of Cloud and Software Unit, DG CONNECT, European Commission • Felipe Lora, Senior Engineering Program Manager at Google• Ludmila Georgieva, Public Policy & Government Affairs Manager• Cecilia Zappala, Policy Manager, EU Affairs, Facebook• Sirra Toivonen, Sector Security Scientist, VTT Technical Research Center of Finland
6
DAY IV: 27.06.2019 (BERLAYMONT)Session 4: Strengthening the EU’s cyber defence and resilience (10:30-12:30, BERLAYMONT, Room: WALTER HALLSTEIN)Moderator: Dirk Dubois, Head of the European Security and Defence College (ESDC)• Nicole van der Meulen, Senior Strategic Analyst at Europol• Kadi Saad, Head of CERT-EU• Nicolas Hernandez, Founder of the Aleph-networks• Maria Vello, CEO, Cyber Defence Alliance
Cybersecurity demonstration by CSIRTs (14:00-17:15, BERLAYMONT, HALL 5)Moderator: James Caffrey, Senior Policy Officer, Cybersecurity Technology & Capacity Building Unit, DG CONNECT, European Commission• CERT-EU• CERT-EE• CERT.at• CIRCL* A Computer Emergency Response Team (CERT) is an expert group that handles computer securityincidents. Alternative names for such groups include Computer Emergency Readiness Team andComputer Security Incident Response Team (CSIRT).
DAY V: 28.06.2018, (DG CONNECT)
Session 5: Cybersecurity risks in a technology-driven world (10:30-12:30, DG CONNECT, BU 25, Room: 0/S1)Moderator: Evangelos Ouzounis, Head of ENISA’s Secure Infrastructure and Services Unit• Tony Gee, Associate Partner, Pen Test Partners• Volkmar Lotz, Senior Manager and Research Strategist, SAP• Aljosa Pasic, Technology Transfer Director in Atos Research & Innovation, ATOS• Léa el Samarji, Head of AI Tribe, Société Générale
Cyber Aware special session: Demo of a hacking (13:00-14:30, DG CONNECT, BU 25, D Room)Moderator: Ann Mennens, Cyber Aware Programme Manager, DG DIGIT, European Commission• Kevin Cammaerts, IT Service Manager, DG HR, European Commission• Jean Pierre Florisoone, Programme Officer, DG HR, European Commission*The Cyber Aware programme is the European Commission’s corporate programme aiming atincreasing the awareness of the Commission staff in the field of cyber security and highlightingthe responsibility of every European Commission staff member to contribute to a safe onlineexperience.
7
DAY VI: 01.07.2019 (BERLAYMONT, ROOM: ROBERT SCHUMAN)
Session 6: The European paradigm for a safer digital world (10:30-12:30)Moderator: Aristotelis Tzafalias, Senior Policy Officer, Cybersecurity & Digital Privacy Policy Unit, DG CONNECT, European Commission• Ali Hessami, Innovation and R&D Director at Vega Systems, Vice Chair IEEE AI Certification
Programme and Chair IEEE P7000 Technology Ethics standard• Massimo Felici, Cyber Risk Manager, Deloitte Consulting & Advisory• Egon Berghout, Academic Director of the IT Auditing & Advisory program, Erasmus
Universitiy Rotterdam
Session 7: Attracting and retaining more women in cybersecurity (14:00-16:00)Moderator: Despina Spanou, Director for Digital Society, Trust and Cybersecurity, DG CONNECT, European Commission• Anett Madi- Nator, Director of International Operations, Cyber Services• Jane Frankland, CEO of Cyber Security Capital, Founder of the IN Security Movement
DAY VII: 02.07.2019, 10:30-12:30 (DG CONNECT, BU25, ROOM: 0/S1)
Session 8: An overview of supply chain securityModerator: Nineta Polemi, Senior programme officer, Cybersecurity Technology & Capacity Building Unit, DG CONNECT, European Commission• Wil Van Heeswijk, Policy Officer Supply Chain Security & Detection Technology Expert,
DG TAXUD, European Commission• Armend Duzha, EU Project Manager, Maggioli S.p.A.• Stefan Schauer, Senior Scientist Security & Communication Technologies Center for Digital
Safety & Security AIT
DAY VIII: 04.07.2019, 10:30-12:30 (DG CONNECT, BU25, ROOM: 0/S1)
Session 9 Cybersecurity in health, banking, transport and insuranceModerator: Marco Marsella, Head of eHealth, Well-Being and Ageing Unit, DG CONNECT, European Commission • André Smulders, Strategic Advisor Cyber Security TNO• Kuai Hinojosa, Chief Security Architect Tom Tom• Michel Bosco, Adjunct Professor, IAE Graduate School of Management of the University of
Nice, CEO, MAM International Consulting• Alison Martin, Group Chief Risk Officer, member of the Swiss Federal Institute of Technology
(ETH)
8
DAY IX: 05.07.2019, 10:30-12:30 (DG CONNECT, BU25, ROOM: 0/S1)
Session 10: Cybersecurity and digital privacy challenges of the future Moderator: Jakub Boratynski, Head of Cybersecurity & Digital Privacy Policy Unit, DG CONNECT, European Commission• Paul Hofheinz, President and Co-founder of The Lisbon Council• Roberto G. Cascella, Senior Policy Officer, ECSO• Yordanka Ivanova, acting attorney-at-law, PhD candidate in Sofia University “St. Kliment
Ohridski”• Fredrik Bynander, PhD, Director, Center for Societal Security
9
R E T H I N K I N G C Y B E R S E C U R I T Y I N T H E D I G I T A L T R A N S F O R M A T I O N A G E
-The shift to a highly connected and digitised world brings not only new opportunities, but also new cybersecurity challenges. Today the cyber threat landscape is constantly changing and evolving. In order to secure our digital economy and society we all need to advance our cybersecurity competencies and adopt a lifelong learning approach. Especially, policy makers and technology players need to be well informed about cybersecurity. In this vein, the CONNECT university will kick off its 2019 thematic summer school programme dedicated to cybersecurity with the session “Rethinking cybersecurity in the digital transformation age”. Through this introductory session participants will have the chance to get a good understanding of the emerging cybersecurity threats and solutions. For example, the session will cover topics such as innovative cryptography to strengthen cybersecurity and take a look at ways to enhance the cybersecurity of Internet of Things (IoT) devices and applications. In addition, the speakers will provide you with a good overview of the existing and upcoming initiatives of the European Commission for an innovative and more secure cyberspace.
S P E A K E R S :
ROBERTO VIOLA
Roberto Viola is Director General of DG CONNECT (Directorate General of Communication, Networks, Content and Technology) at the European Commission.
He was the Deputy Director-General of DG CONNECT, European Commission from 2012 to 2015. Roberto Viola served as Chairman of the European Radio Spectrum Policy group (RSPG) from 2012 to 2013, as Deputy Chairman in 2011 and Chairman in 2010. He was a member of the BEREC Board (Body of European Telecom Regulators), and Chairman of the European Regulatory Group (ERG). He held the position of Secretary General in charge of managing AGCOM from 2005 to 2012. Prior to this, he served as Director of the Regulation Department and Technical Director in AGCOM from 1999 to 2004.From 1985-1999 he served in various positions including Head of Telecommunication and Broadcasting Satellite Services at the European Space Agency (ESA). Roberto Viola holds a Doctorate in Electronic Engineering and a Master’s in Business Administration (MBA).
10
ANGELOS D. KEROMYTIS
Professor, Georgia Research Alliance Eminent Scholar, and John H. Weitnauer, Jr. Chair at the Georgia Institute of Technology, School of Electrical and Computer Engineering.
Professor Keromytis came to Georgia Tech from DARPA, where he served as Program Manager in the Information Innovation Office, and NSF, where he served at Program Director for the Secure and Trustworthy Cyberspace program. For his work, he received the DAPRA Superior Public Service Medal. Prior to DARPA and NSF, he was a faculty member at Columbia University. Dr. Keromytis is an elected Fellow of the ACM and the IEEE.
The talk: “Understanding and Defending IoT Devices”Internet of Things (IoT) devices are being adopted in large numbers. While conferring significant benefits to users, their massive deployment also increases global risk due to vulnerable software, fractured marketplace, and device opacity. This presentation, will discuss current work on understanding and defending IoT devices despite these limitations.
VINCENT RIJMEN
Professor, KU Leuven, Belgium.
In 1997 Professor Rijmen finished his PhD at the KU Leuven on the design and analysis of block ciphers. He is co-designer of the block cipher Rijndael, which has become the Advanced Encryption Standard (AES) in 2001, and has been included in many other standards since. He has been Chief Cryptographer with cryptomathic and Univ.-Professor with Graz University of Technology, Austria. He is currently Professor at KU Leuven at the Department of Electrical Engineering and IACR Fellow for co-designing AES.
The talk: A policy-maker’s guide to cryptographyDr Rijmen will introduce you in non-technical terms the concepts of symmetric cryptography and public-key cryptography. He will explain the different basic services that cryptography can deliver, addressing some important issues in modern applications of cryptography. Subsequently, Dr Rijmen will present the state of the art in hardware countermeasures attacks based on electromagnetic emanations etc.
11
M O D E R A T O R :
DESPINA SPANOU
Director for Digital Society, Trust and Cybersecurity, DG Connect.
Despina Spanou is leading since 2017 the European Commission team responsible for the EU's policies and research activities in cybersecurity, digital privacy, eHealth, smart mobility, smart cities and egovernment. Previously she was Director for Consumer Affairs at the Directorate-General for Justice and Consumers. Mrs. Spanou has also served as Principal Adviser in the Directorate-General for Health and Consumers and Deputy Head of Cabinet for the European Commissioners for Health and Consumers, Mr. Kyprianou, and, Mrs. Vassiliou. Despina Spanou started her career at the European Commission at the Directorate General for Competition in 2003. Before joining the European Commission she was practising law for a US law firm. She is a qualified lawyer and holds a Ph.D. in European law from the University of Cambridge.
12
I N T E R N A T I O N A L C Y B E R S E C U R I T Y C H A L L E N G E S-
Cyber threats have no borders and are constantly changing and evolving in complexity and maturity. No single country can tackle alone the cyber threats which are constantly changing and evolving in complexity and maturity. International and European cooperation in the field of cybersecurity is essential in order to build a stronger cybersecurity for all as well as to promote and protect an open, free, stable and secure cyberspace. This session will allow you to get a comprehensive overview of the global actors and dimension of the cyberspace, and show you the complexity of the ever-increasing cyber risks in a hyper connected world in which international cooperation is the best way forward.After the session, the participants will have the opportunity to try a real-time solution through a VR simulation platform : The Room #42-VR edition
S P E A K E R S :
KHALIL ROUHANA
Deputy Director-General in DG CONNECT (Communications Networks, Content & Technology) since 1/12/2016.
His responsibilities include the policies for digital economy and society and notably for research, innovation and industrial strategies, digital solution for societal challenges and governments as well as cybersecurity. Before that, he was Director for “Digital Industry” in DG CONNECT supporting the competitiveness of core digital sectors in Europe and the digitisation of all industrial sectors of the economy.
The talk: EU Cybersecurity Strategy
OLEG BRODT
R&D Director for Deutsche Telekom Innovation Labs Israel; and Chief Innovation Officer for Cyber @ Ben-Gurion University.
Oleg serves as the R&D Director of Deutsche Telekom Innovation Labs Israel, focusing on future technologies in the fields of Cyber Security
13
and Artificial Intelligence; as well as the Chief Innovation Officer for Cyber @ BGU – an umbrella organization responsible for all cyber security related research and industrial collaborations at the Ben Gurion University, Beer-Sheva, Israel (Israel’s Cyber Capital).
The talk: The Future of cybersecurity in the Age of Digital TransformationShort summary of presentation to accompany their title: Artificial intelligence (AI) and cybersecurity are two of the prominent topics in industry and academia today with a huge impact on our daily life. While AI R&D focuses on enhancements of algorithms, methods, and tools in order to support a variety of applications, such as automatic personal assistant and autonomous driving, R&D in the cybersecurity domain focuses on improving existing security solutions given new challenges in the attack landscape such as advanced and targeted attacks, ransomware, and attacks on cloud services. Recently, there is an increased number of intersections between these two fields, and the goal of this presentation is to discuss AI’s role in cybersecurity now and in the future. In this talk, three topics will be addressed: AI in the hands of attackers, AI in the hands of defenders, and Adversarial AI, an emerging research topic in which attackers try to hack AI based systems.
BART PRENEEL
Full professor at the Dept. Electrical Eng.-ESAT of the KU Leuven.
Bart Preneel is full professor at the Dept. Electrical Eng.-ESAT of the KU Leuven. He heads the imec-COSIC research group, which has 80 members. He has authored more than 400 scientific publications and is inventor of 5 patents. His main research interests are cryptography, information security and privacy. Bart Preneel has served as president of the IACR and is a member of the Academia Europaea. In 2015 he was elected as fellow of the IACR. He frequently consults for industry and governments about security and privacy technologies.
The talk: Challenges in security and privacy - the role of cryptographyThis talk discusses the main trends and challenges in security and privacy. It explains how these challenges can be addressed by combining novel architectures with advanced cryptography and open solutions.
14
M O D E R A T O R :
DESPINA SPANOU
Director for Digital Society, Trust and Cybersecurity, DG Connect.
Despina Spanou is leading since 2017 the European Commission team responsible for the EU's policies and research activities in cybersecurity, digital privacy, eHealth, smart mobility, smart cities and egovernment.
Previously she was Director for Consumer Affairs at the Directorate-General for Justice and Consumers. Mrs. Spanou has also served as Principal Adviser in the Directorate-General for Health and Consumers and Deputy Head of Cabinet for the European Commissioners for Health and Consumers, Mr. Kyprianou, and, Mrs. Vassiliou. Despina Spanou started her career at the European Commission at the Directorate General for Competition in 2003. Before joining the European Commission she was practising law for a US law firm. She is a qualified lawyer and holds a Ph.D. in European law from the University of Cambridge.
15
R E C A P P I N G E U R O P E A N C O M M I S S I O N ’ S C Y B E R S E C U R I T Y A N D P R I V A C Y I N I T I A T I V E S
-
COMMISSIONER MARIYA GABRIEL
Bulgarian-born Mariya Gabriel is the current European Commissioner for Digital Economy and Society. She was the Vice-President of the EPP Group in the European Parliament from 2014-2017.Mariya Gabriel was a Member of the European Parliament, EPP/GERB (Citizens for European Development of Bulgaria) from 2009-2017. Since 2012, Mariya Gabriel has served as Vice-President of EPP Women. Prior to this she was Parliamentary Secretary to MEPs from the GERB political party within the EPP Group in 2008-2009.
She is part of project teams, such as Digital Single Market, Energy Union, Better Regulation and Interinstitutional Affairs, Budget and Human Resources, and Jobs, Growth, Investment and Competitiveness. As a member of the project teams, her responsibilities include launching ambitious proposals for the completion of a connected Digital Single Market, supporting the development of creative industries and of a successful European media and content industry, as well as other activities turning digital research into innovation success stories.
16
D I G I T A L P R I V A C Y I N A D A T A - D R I V E N W O R L D-
Data has become a key asset for the economy and our societies. Data can be created by people, generated by machines or may result from the interaction between the two. Examples include sensors gathering climate information, satellite imagery, digital pictures and videos, purchase transaction records, and GPS signals. Due to the fact that data collected may relate to individuals who can be identified or profiled, concerns have been raised about our privacy in a data-driven world. This session will present the latest trends in digital data privacy, the upcoming privacy challenges which our Big Data era may pose and will brief you on EU’s latest privacy related policy initiatives.
S P E A K E R S :
ATHENA BOURKA
NIS Expert - Data Protection Officer, ENISA.
Athena Bourka is a Network and Information Security Expert in the European Union Agency for Network and Information Security (ENISA). She is also the ENISA’s Data Protection Officer. Before joining ENISA, Athena had been working for over 10 years as a privacy and security expert in the Hellenic Data Protection Authority and the European Data Protection Supervisor (seconded national expert). Athena has also worked in healthcare data security and environmental information systems. She has studied electrical and computer engineering and holds a PhD on information security.
The talk: Privacy by design in big dataThe presentation, after exploring the challenges that machine learning and big data bring to the protection of personal data, will discuss how the concepts of privacy and data protection by design can help face these challenges, in conjunction with state-of-the-art security technologies and tools.
LJUBICA PENDAROSKA
Ethics Expert & Data Protection Officer, Horizon2020 RePAST project.
Ms Pendaroska has extensive experience in the area of Data protection and Privacy, highlighted by the following positions: Data Protection & Privacy expert at UNICEF, Europe and Central Asia; Chairperson and
17
Ethical/Data protection expert Horizon2020 “IECEU”; Key Ethics and Data Protection Expert in EU/NATO/OECD projects: “Data Protection and the Media”; “KOSNORTH project”; “Sustainable system for continuous primary and secondary education for personal data protection”; “Expert Opinion in Data protection for OECD “Competitiveness in South East Europe” Digital Society dimension”; Researcher “Cyber Security Resilience in SEE”; “Countering disinformation in Central and SEE” etc.
The talk: Ethics instead of simple compliance to make the difference: Privacy as a top digital priority of todayThe presentation is designed to spark a lively discussion on several key privacy issues in the digital world, viewed from different standing points and roles: what are the top privacy challenges for 2019 and the assumptions for the coming years? How to ensure privacy in coexistence with the security and progress of societies and does the digital world become a market where personal data is a currency?
ALI FARZANEH FAR
PhD, Imperial College London.
Ali used to work as Particle Physicist at CMS at CERN. Currently a PhD student at Imperial College London, his research focuses on quantifying the impact of algorithmic decision making on society. He empirically studies the effect of the personalisation tools used to leverage such behavioural data sets on society. A second area of interest is the study of the limits of privacy in large datasets.
The talk: The limits of anonymization and the future of privacyFrom traffic prediction, to medical research, to advertising, the utility of personal data is inarguable. However, protecting this data is not easy. Here I will demonstrate how one common attack on anonymous data works. I will then discuss how this data could be protected, focusing on a real-world example.
18
M O D E R A T O R :
DESPINA SPANOU
Director for Digital Society, Trust and Cybersecurity, DG Connect.
Despina Spanou is leading since 2017 the European Commission team responsible for the EU's policies and research activities in cybersecurity, digital privacy, eHealth, smart mobility, smart cities and egovernment.
Previously she was Director for Consumer Affairs at the Directorate-General for Justice and Consumers. Mrs. Spanou has also served as Principal Adviser in the Directorate-General for Health and Consumers and Deputy Head of Cabinet for the European Commissioners for Health and Consumers, Mr. Kyprianou, and, Mrs. Vassiliou. Despina Spanou started her career at the European Commission at the Directorate General for Competition in 2003. Before joining the European Commission she was practising law for a US law firm. She is a qualified lawyer and holds a Ph.D. in European law from the University of Cambridge.
19
P R O T E C T I N G O U R D I G I T A L I D E N T I T Y A N D P R I V A C Y I N A H Y P E R - C O N N E C T E D W O R L D
-In our digital and interconnected society we need to ensure that all citizens have access to digital products and services. The European Commission’s initiatives such as the General Data Protection Regulation (GDPR) and the proposed ePrivacy Regulation aim to improve online security, privacy and inclusion. This session will underline practical ways of tackling privacy challenges, principles and requirements so people can communicate, operate and travel safely while protecting their privacy and personal data. Experts from the industry and academia will emphasize how privacy can be guaranteed in a hyper-connected, mobile economy and society and how privacy can be ensured in a digital world.
S P E A K E R S :
FELIPE LORA
Senior Engineering Program Manager, Google.
Felipe Lora has worked in privacy and security for more than a decade, protecting businesses and users from advanced attacks. He is currently a Senior Engineering Program Manager at Google where he works on the Identity, Privacy and Security team in Munich since 2012. Since then, his teams have focused on providing users with tools and controls to manage their privacy and security. Prior to joining Google, he worked in the telecommunications and consumer electronics industry as an engineer, and later as a consultant on the area of security solutions. Felipe studied Electronic Engineering at the Universidad de los Andes in Colombia and completed his MSc in 2006 in Telecom ParisTech in France. Outside of work, he can be found running on trails, reading and discovering all kinds of new music.
LUDMILA GEORGIEVA
Public Policy & Government Affairs Manager, Google.
Dr. Georgieva joined the EU Policy Team of Google in Brussels in December 2018 and is in charge of cybersecurity and privacy issues. Before joining Google, she worked first in a large law company in Vienna and in 2009 joined
20
the Federal Chancellery of Austria (Constitutional Service) and in 2013 the Permanent Representation of Austria to the EU in Brussels (for the Federal Chancellery) as Attaché for Cybersecurity, Data Protection and Media Policy. In her function in Brussels, she was deeply involved in the negotiations of e.g. the GDPR, the EU-US-Privacy Shield, the AVMS Directive, the NIS-Directive and the CybersecurityAct as well as in the national coordination of the Digital Single Market Policy.
The talk: Google’s approach in Cybersecurity - staying ahead togetherEvery minute 12 million spam messages are prevented from reaching Gmail customers, everyday 400 million+ Android devices are checked for health and safety - protecting the world’s largest network against cyber threats in a connected world is a preoccupation and top priority at Google. The speakers will give insights on Google’s products and strategy, from the point of view of Engineering and Public Policy.
CECILIA ZAPPALÀ
EU Policy Manager, Facebook.
Cecilia joined Facebook in 2016. She is currently heading the Economic and Social Policy team, focusing on issues such as privacy, competition, artificial intelligence and cybersecurity. Before this, she spent four years at BUSINESSEUROPE, a trade association representing European companies. She worked as policy adviser focused on digital economy and data protection. Prior to that, Cecilia worked for DIGITALEUROPE, an association representing the EU tech industry, and for DCI Group, a Washington-based public affairs consultancy where she advised clients in the telecom sector.
The talk: Privacy at FacebookThe presentation covers Facebook’s approach to privacy, focusing on controls available to users to protect their personal data and privacy by design is integrated in FB product development. It highlights Facebook’s privacy principles, as well as FB views on principles for effective privacy regulation.
SIRRA TOIVONEN
Senior Scientist, VTT Technical Research Centre of Finland Ltd.
Sirra Toivonen is a Senior Scientist and Project Manager at the VTT Technical Research Centre of Finland Ltd. She has worked at the Risk and Asset Management knowledge center since 1995. The research interests include identity verification at border control and border management technologies, security management of global supply chains, human factors, system usability design and testing plus value creation in security area product innovations.
21
The talk: Analyzing risk in digitalized border management systemsDuring the presentation, Mrs Toivonen plans to go through the transformation from the traditional identity control at the border to the digital identity control and the risk related to this. She will address the transformation of the traveler processes in general, especially in the flight travelling.
M O D E R A T O R :
PIERRE CHASTANET
Head of Cloud and Software Unit, DG CONNECT, European Commission.
Pierre is Head of Unit Cloud & Software at the European Commission and is notably in charge of the European regulation on the free flow of non-personal data and the implementation of cloud policies. He has been working for 12 years at the European Commission in various management and policy development assignments, in the area of cybersecurity, digital privacy, ICT for societal challenges, green ICT and telecom innovation.Prior to that, Pierre acquired over 10 years of ICT experience, mostly in various IT management positions at Procter & Gamble.Pierre holds a M.S. in Telecommunication Engineering from Telecom ParisTech, a M.A. in International Politics from the Free University of Brussels and a B.Sc in Economics from the London School of Economics and Political Science.
22
S T R E N G T H E N I N G T H E E U ’ S C Y B E R D E F E N C E A N D R E S I L I E N C E
-Emerging technologies (e.g. AI, quantum, HPC), connectivity and autonomy will tremendously increase the level, complexity and scale of cyberattacks with a potentially enormous impact for our economy, business and lives. Increasing the EU’s cybersecurity capabilities and resilience against cyberattacks has never been more pressing. Cyber defence and cyber resilience are crucial when we are discussing the EU’s security and implicitly, the future of Europe. The participants of this session will get a good overview of the steps that are currently being taken in order to prepare Europe to better protect all its assets (infrastructures, governments and businesses). Join us to learn about the EU’s efforts to strengthen its cybersecurity and resilience.
S P E A K E R S :
NICOLAS HERNANDEZ
CEO, aleph-networks.
Nicolas Hernandez has a background in mathematics, philosophy and information science, which has allowed him to build an original approach to the challenges of innovation, with the will to advance both technological and ethical issues. His research has led him to take an interest in the traces left on the Web: how to exploit the traces left by everyone, but also how to protect the transmitter of the trace. These problems gave birth to aleph-networks and to GM Search Dark, which allows a new look on Dark and Deepweb.
The talk: Why monitoring the darkweb has become essentialFreenet, I2P and the TOR network were created in the early 2000s to overcome the lack of anonymity of the internet and protect the idea of total freedom of expression on the internet. Why did monitoring of the Darkweb then become essential? What are the trajectories and drift of these networks?
23
MARIA VELLO
CEO Cyber Defence Alliance.
Ms Vello works to accelerate innovation, capabilities, knowledge and preparedness to increase maturity levels and resilience across national critical infrastructure.
The talk: Accelerating knowledge, capabilities, maturity levels, resilience, and preparedness to strengthen the economic stability of the financial sector and Critical National Infrastructure in the EU.Ms Vello will discuss about a proactive collaborative approach in defending our critical systems and customers against these systemic and global cyber threats. It is in “our gift” to create a safer cyber future in this ever-evolving age of Digital Transformation.
KADI SAAD
CERT-EU, Head of CERT-EU.
Saâd Kadhi has over 20 years of experience in operational cybersecurity. He discovered Incident Response, Digital Forensics and Cyber Threat Intelligence in early 2008 and have been working exclusively in this fascinating field since then. He built and managed the CSIRT of a French multinational food-products corporation covering more than 120 000 employees worldwide and worked at the CERT of one of the major banking groups to fight cybercrime and respond to cyberattacks. In 2013, he joined Banque de France, the French national central bank, to create and develop their CERT. It quickly became one of major teams in France and considered one of the most advanced central bank CSIRTs. In 2019, he became the Head of CERT-EU, the Computer Security Incident Response Team (CSIRT) for all the EU Institutions, Bodies & Agencies.
The talk: The Threat Landscape: Past, Present & FutureAs the cyberdefence entity of all the EU institutions, bodies and agencies, CERT-EU has a unique perspective on the threat landscape. Due to its highly diverse, eclectic constituency, this landscape has many, interesting shades. In this talk, we will walk through some of the cyber threats during the last year, which cunning threat actors in particular have been trying to compromise them and how, but also the emerging trends that we are seeing and the challenges they pose.
24
NICOLE VAN DER MEULEN
Head of Strategy & Development team at European Cybercrime Centre (EC3).
Nicole van der Meulen started her cybercrime journey in 2006 when she discovered the topic of digital identity theft, a new type of crime with a new type of victim. Ever since then she has been captured by the continuous evolution of cybercrime and the ongoing question of how we can most effectively respond to its proliferation. She currently works as a Senior Strategic Analyst at EC3, Europol. Prior to her appointment at Europol, she held various positions in academia, interest representation and government all within the field of cybercrime and cybersecurity. She studied Political Science in the United States (BA, 2005) and the Netherlands (MSc, 2006) and completed her doctoral disserta-tion on digital identity theft at Tilburg University, the Netherlands in 2010.
The talk: Losing the battle, winning the war? A multi-faceted approach to fighting cybercrimeWe are proud to speak of our operational successes when it comes to fighting cybercrime, as we should be. But perhaps the battles we lose, the aspects we do not speak about, will provide valu-able input to help us win the war. Fighting cybercrime is about more than law enforcement action, it is also about developing effective policy and making the public as well as organisations aware of existing threats. We must ensure that different actors play a key role within the cybercrime and cybersecurity eco-system. This presentation will touch upon some of our published operations, but will also reflect on the more strategic aspects of fighting cybercrime in the twenty-first century.
M O D E R A T O R :
DIRK DUBOIS
Head of the ESDC.
Dirk Dubois graduates from the Belgian Military Academy with a master degree in social and military science in 1985. In the first part of his career he occupies several operational posts, including abroad, and po-sitions as a staff officer. From 2007 to 2012 he is a training manager at the ESDC, before joining the Directorate-general for education of the Belgian MoD. On 01 April 2015, he is appointed as Head of the ESDC. In December 2017, the EU Member States decided to prolong his mandate by consensus until 2022.
25
C Y B E R S E C U R I T Y D E M O N S T R A T I O N B Y C S I R T S-
In this digital age as we become ever more reliant on smart connected data and supporting infrastructure, the question of trust and security impacts on us all. Who can we, as citizens, as businesses, as providers of essential services for our societies and as public authorities turn to for assistance? This session involves demonstrations of the day-to-day tasks that Computer Security Incident Response Teams (CSIRTs) do to protect our data and us.Demonstrations will be done by representatives of the following CSIRTs teams:• CERT-EU• CERT-EE• CERT.at• CIRCLCSIRTs provide emergency incident response support to us to help combat malware, personal databreaches, network intrusions, data leakage, denial of service and online misinformation. They aresmall teams of cybersecurity specialists with in-depth computer science expertise, who cooperatewith each other in providing protective services in response to threats and incidents from onlineactivists, criminals, terrorists and state affiliated groups.
S P E A K E R S :
SEBASTIAN WAGNER
Software Engineer, CERT.at.
Sebastian Wagner works at the Austrian national Computer Emergency Response Team CERT.at since 2015 in software development and maintains the automated incident handling process. He is also the main developer and maintainer of the IntelMQ tool.
The talk: Automated Incident Handling and Situational Awareness with IntelMQ.Automated workflows are an integral part of most CERTs and other IT security teams to process process data about vulnerabilities, infections & compromisings. IntelMQ supports teams in this task and it’s development is lead by CERT.at, with contributions of European partners and users worldwide.
26
EMILIEN LE JAMTEL
CERT-EU Threat Hunting leader.
Emilien Le Jamtel is a French security analyst, versatile member of CERT-EU since 4 years. With a strong background in offense, he is now playing defense as responsible for the monitoring and threat hunting activities in CERT-EU. In both professional and personal life, he is fond of games and difficult challenges and he probably forgot to answer your emails.
LAURENTO FRITTELLA
CERT-EU Red Team leader.
Laurento Frittella is an Italian computer scientist, proud member of CERT-EU with more than 17 years of experience in the IT field. For the last three years he is leading the CERT-EU Red Team, while also being involved in the internal advanced threat detection and response research and development. Fond of challenges, curious, he jumps right in.
The talk: The cat-and-mouse game on steroidsLet’s face reality. There is no black magic out there, thus no magic wand for incident response nor threat detection. At CERT-EU we are approaching this unfortunate limitation setting up a strong synergy between our ravenously hungry Threat Hunting team and our ruthless Red Team. The cat and the mouse. Chasing each other continuously, improving and refining their skills and techniques. When one improves, the other shortly follows.
KAUR KASAK
Information security expert, Estonian Information System Authority, CERT-EE.
Kaur Kasak is an information security expert in the National CERT of Estonia (CERT-EE), where he is mainly responsible for developing the technical infrastructure of the CERT, and conducting network traffic and log analysis. Previously, Kaur was been working several years for NATO Cooper-ative Cyber Defence Centre of Excellence, where he helped to create Locked Shields Cyber Defence Exercise. The latter is now considered the most complex technical live-fire challenge in the world.
The talk: Using Cuckoo Sandbox for Exploit Kit hunting and malware analysisDuring the demo we will introduce malware analysis platform named Cuckoo Sandbox, focusing on how CERT-EE is using it. We will also demonstrate few other solutions for technical analysis of network traffic and logs.
27
ALEXANDRE DULAUNOY
Security Researcher, CIRCL.
Alexandre Dulaunoy encountered his first computer in the eighties, and he disassembled it to know how the thing works. While pursuing his logical path towards information security and free software, he worked as senior security network consultant at different places (e.g. Ubizen, now Cybertrust). He co-founded a start-up called Conostix, which specialised in information security management. For the past 6 years, he was the manager of global information security at SES, a leading international satellite operator. He is now working at CIRCL in the research and operational fields. He is also a lecturer in information security at Paul-Verlaine University in Metz and the University of Luxembourg. He is also the lead developer of various open source tools including cve-search and member of the MISP core team.
The talk: Detect, Analyse and Report Information LeaksInformation leak becomes a significant and critical issue for many organisations. CIRCL, as a CSIRT part of the CSIRT/NIS network, built open source software to improve the time-to-respond in discovering, classifying and notifying victims or organisations. We will present how leaks are found (often before public disclosure), analysed and reported. The demonstration will include real/practical cases and demonstrate the current challenges from a technical, organisational and legal standpoint.
28
C Y B E R S E C U R I T Y R I S K S I N A T E C H N O L O G Y - D R I V E N W O R L D-
The session brings together cybersecurity experts from the industry to share their views about the main current security opportunities and challenges for the emerging technologies. The discussion will focus on the upcoming cybersecurity challenges of Artificial Intelligence (AI), blockchain, Internet of Things (IoT). Live demos and real life examples will demonstrate the urgency of advancing our mitigation strategies and plans.
S P E A K E R S :
TONY GEE
Associate Partner, Pen Test Partners.
Tony has over 13 years of security experience, he has worked both as an internal blue team consultant within the finance industry and for the technology partner for the world leading Oyster card system and more latterly as an external security tester and auditor. Tony speaks the world over at technology events highlighting key risks with the internet of things, automotive and maritime and key payment systems. Tony is able to illustrate and demonstrate critical issues in these systems in a way the audiences of all levels can understand. He has spoken at PCI events in Europe and Asia, at the SC Congress in London, ISACA CSX Europe, technical conferences such as BSides and many other partner events, including speaking at the US Congress, European Central Bank and the European Parliament.
The talk: The S in IoT stands for security The Internet of Things is a wonderful enabler of technology, but with this enablement comes bigger risk. This talk will look at the IoT and challenge how it may actually be increasing risk, it may lead to invasions of our privacy, loss of our data and even compromise of our networks. The talk will look to include live demos of some of the flaws we have discovered and examine the role of law in helping transform IoT security.
29
VOLKMAR LOTZ
Senior Manager and Research Strategist at SAP
Volkmar Lotz is Senior Manager and Research Strategist at SAP. He has 30 years’ experience in industrial research on Security and Software Engineering. He is Strategy Lead for Product Security Research, specializing on Security Certification, Software Security, and IoT security. He defines and executes SAP’s security research agenda in alignment with SAP’s business strategy and global research trends. Volkmar holds a diploma in Computer Science from the University of Kaiserslautern.
The talk: Managing Vulnerabilities in Open-Source SoftwareThe use of open-source components is common across the software industry, resulting in vulnerabilities of open-source components having significant impact on security. Companies must identify, assess and mitigate vulnerabilities – a complex task hindered by rich interdependencies between components. We present an approach to automate analysis and to generate mitigation plans.
ALJOSA PASIC
Technology Transfer Director in Atos Research & Innovation.
Aljosa Pasic current position is Technology Transfer Director in Atos Research & Innovation (ARI), based in Madrid, Spain. He graduated at Technical University Eindhoven, The Netherlands, and has been working for Cap Gemini until the end of 1998. In 1999 he moved to Sema Group (now part of Atos) where he occupied different positions. He participated in more than 70 international projects related to information security.
The talk: Is this cybersecurity risk important for me?Is this cybersecurity risk important for me? Many individuals (and organisations) have this doubt but lack basic knowledge to decide about risk mitigation measures or capacity to implement them. This talk will present situation, challenges and emerging trends in cybersecurity risk assessment and management, for different types of stakeholders.
30
LEA EL SAMARJI
Head of AI Tribe, Société Générale.
After an engineering degree in IT Network and cryptography, Léa got a phd in cybersecurity and risk management from TelecomParisTech. She’s now leading a team of experts in Datascience and AI working on several business and security projects.
The talk: Artificial Intelligence & CybersecurityNowadays, and with the digital transformation, cyber-attacks are threatening more and more companies. Cyber Attackers are using complex methods in order to fulfil their objectives. Artificial Intelligence is key for Companies to be prepared to face such attacks, detect them at an early stage and prevent them.
M O D E R A T O R :
DR. EVANGELOS OUZOUNIS
Head of Secure Infrastructure and Services Unit.European Network Information Security Agency (ENISA).
His unit manages ENISA’s contribution to the NIS Directive implementation and over the years has developed good practices for several Critical Information Infrastructures (e.g. telecoms, energy, aviation, health, finance and ICS SCADA). Dr Ouzounis manages within ENISA the area of IoT security and Smart Infrastructures. In that context, his team developed baseline security requirements for IoT and numerous good practices for smart cars, industry 4.0, smart airports and smart health.Finally, Dr. Ouzounis has developed, together with all EU Telecom Regulators (NRAs), the first ever pan European incident reporting mechanism for the telecom sector (article 13 a). Since then his unit has published several annual reports on root causes of reported incidents affecting the telecom sector. His unit now develops a similar mechanism for the trust service providers in the context of eIDAS Regulation (article 19).
31
C Y B E R A W A R E S P E C I A L S E S S I O N : D E M O O F A H A C K I N G-
During this CONNECT University session, the participants will be able to experience live what happens in case their computer would be hacked. There will be demonstration on how easy it can be to hack your computer if it is not well protected, and you will see how this can be done without the user even noticing. You will get an insight in which threats there are, how we are protecting the systems of the European Commission, find out what SOC, CSIRC, CART and other acronyms stand for, and what their cybersecurity experts are doing. We will show you what happens behind the scene when an incident is reported in the Commission. Additionally, you will even get a glimpse into the emergency room of the Commission’s Computer Security Incident Response Capability (CSIRC). Finally, some tips and tricks on how to have a safe online experience will be provided, since after all, it is better to prevent incidents than having to deal with them.
M O D E R A T O R :
ANN MENNENS
Manager Cyber Aware Programme, DIGIT S.1.002.
Ann Mennens is working in the IT Security Directorate of DG Informatics at the European Commission where she manages the corporate Cyber Aware Programme. She started her professional career with a traineeship in the European Commission, and the first time she got introduced to cyber was at a job fair where an IT consultancy firm which had IT projects with the European Commission recruited her. She occupied several positions there – she was a senior consultant, project manager, trainer and bid manager. In 2011, she got a new job at the KU Leuven University, in Belgian Cybercrime Centre of Excellence for Training, Research and Education. Being the Manager in the B-CCENTRE gave her an overview of all the aspects of cybersecurity. She organized conferencesand set up trainings, but at the same time she also trained herself and obtained respectablecertificates such as an ISACA certification for a Certified Information Security Manager (CISM).From 2016 up to today, she works as a Cyber Aware Program Manager at the Commission.
32
T H E E U R O P E A N P A R A D I G M F O R A S A F E R D I G I T A L W O R L D-
The newly adopted ‘’EU Cybersecurity Act’’ will establish a European Cybersecurity Certification Framework for ICT products and services allowing certificates (for software and hardware products) to be valid and recognised across all EU Member States. Certification can play an important role in increasing trust and security in products and services that we either buy or consume. This session will explore certification, standardisation and assurance aspects considering various legal, technological and economical challenges.
S P E A K E R S :
MASSIMO FELICI
Cyber Risk Manager, Deloitte Consulting & Advisory Brussels.
Dr. Massimo Felici holds a PhD in Computer Science from University of Edinburgh (United Kingdom) and an MSc in Computer Science from University of Catania (Italy). He is advising European Institutions and European Agencies such as ENISA and eu-LISA. Massimo has over 15 years of extensive expertise in the areas of NIS Directive, risk assessment, certifications and policy-driven Research and Innovation.
The talk: Cybersecurity at scale for Digital EnterprisesAdoption of new technologies and digitalisation of business activities and of critical services expose organisations to emerging cybersecurity threats. Though differently, organisations have to deal with the same problem – protect more with less resources. This presentation will highlight challenges and opportunities for enhancing cybersecurity certification in digital transformations.Egon Berghout, Professor Erasmus University Rotterdam
EGON BERGHOUT
Academic Director of the IT Auditing & Advisory program, Erasmus Universities.
Egon Berghout is passioned about educating the best digital risk & security experts. He is also member of the EC Cloud Policy Working
33
Group for Cloud Security Certification. Egon runs his own IT Governance & Assurance practice, is member of the supervisory board for the Dutch Courts of Law and was member of the independent committee, which investigated the failure of the new Dutch citizens administration system on behalf of the Dutch Parliament.
The talk: The European opportunity for a safer digital world – security lessons from the car industry.Many people consider the defects of digital privacy and security, as the new pollution problem. Our society, therefore, has a lot to gain through better digital safety. In my presentation, I will address various problems with safety standards and bounded expertise of those, who provide assurance. I will compare our new digital world with the car industry. We can learn a lot from the car industry, also in terms of not making the same mistakes. Effectiveness of security standards should be our main objective. Effective digital security methods will create a new safe society for future generations. Europe has unique opportunities for creating superior and internationally accepted digital safety standards.
ALI HESSAMI
Innovation and R&D Director at Vega Systems, Vice Chair IEEE AI Certification Programme and Chair IEEE P7000 Technology Ethics standard.
Ali is currently the Director of R&D and Innovation at Vega Systems. He is an expert in the systems assurance and safety, security, sustainability and knowledge assessment/ management methodologies and has a background in design and development of advanced control systems for business and safety critical industrial applications. Ali is a Visiting Professor at London City University’s Centre for Systems and Control in the School of Engineering & Mathematics and at Beijing Jiaotong University School of Electronics & Information Engineering. He is also a Fellow of Royal Society of Arts (FRSA), Fellow of the UK Institution of Engineering & Technology (IET) and a Senior Member of IEEE.
The talk: An overview of the guidelines for the ethical design of modern systems and servicesThe holistic assurance of security entails a consistent and coherent approach to the consideration of threats and vulnerabilities arising from Physical, Organisational as well as Cyber dimensions for a product, system, service or enterprise. The so called COPs framework is in turn underpinned by a suite of time honoured principles that provide the backbone and the wisdom of the approach, its coverage and effectiveness. This lecture addresses the fundamentals of Security Assurance Principles that relate to the COPs framework. An overview of the guidelines for the ethical design of modern systems and services as well as the IEEE’s global certification programme, ECPAIS will also be given.
34
M O D E R A T O R :
ARISTOTELIS TZAFALIAS
Senior Policy Officer, Cybersecurity & Digital Privacy Policy Unit, DG CONNECT, European Commission.
Aristotelis Tzafalias is a Policy Officer in the Unit ‘Cybersecurity and Digital Privacy Policy’ in DG CNECT. Mr Tzafalias is working on the implementation of the European Cybersecurity Certification Framework put in place by the Cybersecurity Act and works closely with other Commission Services and the European External Action Service on cybersecurity policy in areas such as financial services, trade, cybercrime and law enforcement. Mr Tzafalias studied Computer Science at the University of Crete in Heraklion.
35
A T T R A C T I N G A N D R E T A I N I N G M O R E W O M E N I N C Y B E R S E C U R I T Y
-Despite increased interest in the cybersecurity field, there is still a lot to be done to attract and retain women in the cybersecurity profession. High-level speakers will explore what lies behind this gender gap, underlining the key role of diversity in cybersecurity for mitigating risks, and presenting the tremendous opportunity for women who want to pursue a professional career in this field. Join us to learn more and take part in discussions on how to tackle the cybersecurity gender gap in Europe.
S P E A K E R S :
JANE FRANKLAND
CEO of Cyber Security Capital, Founder of the IN Security Movement.
Jane Frankland is working to better the world by training and educating businesses on cybersecurity. She focuses specifically on gender inclusion in science through the IN Security Movement, which she founded to connect, inspire and empower cybersecurity professionals. She believes “a more gender balanced workforce will enable greater security, innovations and all-round happiness.”
The talk: Women in Security: A strategy for safetyGender diversity in tech is a hot topic for organisations, as many understand the benefits that women can bring, such as greater profitability, innovation, and lower costs. However, when it comes to cyber security women offer another advantage. They think differently to men and this includes how they see risk. Join best-selling author, top 20 influencer, and 21-year cyber security veteran, Jane Frankland, to hear about the unique differences between men and women in terms of risk and how a failure to attract and retain women in cyber security is making us all less safe.
36
ANETT MÁDI-NÁTOR
Cyber Services, VP, Strategic Business Development and Operations.
Anett Mádi-Nátor has more than a decade of experience in strategic and administrative layers of information security, cyber security, and cyber defence both as a private sector subject matter expert and as a government representative. Her recent appointments include Hungarian MilCIRC Head of Coordination, Administrative Head of Hungarian government cyber security centre (Cyber Defence Management Authority within the National Security Authority), NATO Cyber Coalition Exercises Core Strategic and Administrative Planner, and Lead to NATO Cyber Defence Capability Team.
The talk: Women4CyberShould women gain more reward in cyber leadership? Can women create added value in cyber leadership? Is it realistic to expect a move from a male dominated leadership structure to a gender neutral ratio? Women in cyber need to know that in several other industries women strongly influence and formulate societal, economic, and political trends. Cyber is falling behind, but the transformation has already started.
M O D E R A T O R :
DESPINA SPANOU
Director for Digital Society, Trust and Cybersecurity, DG Connect.
Despina Spanou is leading since 2017 the European Commission team responsible for the EU's policies and research activities in cybersecurity, digital privacy, eHealth, smart mobility, smart cities and egovernment. Previously she was Director for Consumer Affairs at the Directorate-General for Justice and Consumers. Mrs. Spanou has also served as Principal Adviser in the Directorate-General for Health and Consumers and Deputy Head of Cabinet for the European Commissioners for Health and Consumers, Mr. Kyprianou, and, Mrs. Vassiliou. Despina Spanou started her career at the European Commission at the Directorate General for Competition in 2003. Before joining the European Commission she was practising law for a US law firm. She is a qualified lawyer and holds a Ph.D. in European law from the University of Cambridge.
37
A N O V E R V I E W O F S U P P LY C H A I N S E C U R I T Y-
In the digital era, Supply Chain services (SCs) are the cornerstones of global trade and economy where cross border Critical Infrastructures (CI), (e.g. authorities airports, railways, ports, energy providers, banks, logistic/transport companies, industries) collaborate in offering complex digital services in all critical sectors (e.g. transport, finance, health, government). Examples of SCs include: container management, vehicle transport. The CIs that operate within their SCs have physical and cyber multi-interdependencies, interacting with all sectors of economy and therefore, their malfunctioning or disruption will have cascading effects, on several other EU infrastructures or cross-border services that depend on them. The highly valuable interconnected physical and cyber assets involved in the SCs have become targets for attacks attracting the attention of terrorism, causing not only disruption of the SCs but tremendous damage to EU business operations, national and EU safety, economies, societies and environment. This session will explore the current trends for the improvement of Supply Chain Security. Join us to learn and discuss with the experts what is being done concretely for addressing issues related to vulnerable complex supply chains.
S P E A K E R S :
WIL VAN HEESWIJK
Policy Officer Supply Chain Security & Detection Technology Expert, DG TAXUD, Unit A3 Risk Management and Security.
Wil van Heeswijk is responsible for the security technology developments, customs control equipment and implementation ofsmart border and supply chain security measures, including research and innovation. Mr van Heeswijk is the chairperson of the EU customs detection technology project group.
The talk: Customs supervision and security in global supply chainsThe EU Customs is aware of the changing environment presenting challenges and offering opportunities. The objective is to have agile Customs effectively and efficiently protecting societies and facilitating trade in a fast changing global environment. The volume of international trade is increasing and along with the emphasis on external border and supply chain security together with the trade facilitation the role of Customs is evolving rapidly.
38
ARMEND DUZHA
EU Project Manager, Maggioli S.p.A.
Armend Duzha is a Project Manager and Research Associate at Maggioli Group. He has more than 5 years of experience in leading international research projects and is particularly specialized in transferring research results into industry. His main interest are the protection of critical infrastructures and the use of secure technologies if different domains. Last but not least, Armend is the Project Coordinator of the GUARD H2020 Project (GA 833456).
The talk: Empowering Reliability and Trust in Digital Service Chains.Evolving business models are progressively reshaping the scope and structure of ICT services, with massive introduction of virtualization paradigms and tight integration with physical environments. Several market forces are already driving towards the creation of multi-domain and complex business service chains, which undoubtedly bring more agility in service deployment and operation but introduce additional security and privacy concerns that have not been addressed in a satisfactory way yet.
STEFAN SCHAUER
Senior Scientist Security & Communication Technologies Center for Digital Safety & Security.
Working for the Austrian Institute of Technology (AIT) since 2005, Stefan Schauer is a senior researcher in the fields of risk and security management in the Center for Digital Safety & Security. His research focus lies on risk assessment methodologies and processes applying game theoretic approaches as well as mathematical concepts for the identification and handling of cascading effects within an organization and among critical infrastructures.
The talk: Cascading Effects in Supply ChainsToday’s supply chains have evolved into a complex ecosystem of highly interconnected physical and cyber assets. Incidents affecting one of those assets can have far reaching consequences for all partners involved. This talk will provide a short overview on mathematical concepts to identify and assess such cascading effects.
39
M O D E R A T O R :
NINETA POLEMI
Programme Manager and Policy Officer in DG CONNECT H1 Unit. Dr Nineta Polemi has obtained a Ph.D. in Applied Mathematics (Coding Theory) from The City University of New York (Graduate Centre). She held teaching positions in the City University of New York (Queens and Baruch Colleges) and in the State University of New York (Farmingdale). She is an Associate Professor in the University of Piraeus (Dept. of Informatics) and Director of the UNIPI cybersecurity master’s program and lab. She has over one hundred publications and has organised numerous security scientific international events. She has received many research grants from various organizations such as the Danish Research Foundation, MSI Army Research Office/Cornell University and IEEE.
40
C Y B E R S E C U R I T Y I N H E A LT H , B A N K I N G , T R A N S P O R T A N D I N S U R A N C E
-In recent years, health, banking, transport and insurance industries have been usually a cybersecurity target, exposing millions of persons around the world to cyber threats and causing significant financial losses. The session brings together European Commission and external experts working on strengthening cybersecurity in the mentioned sectors to talk about concrete cybersecurity challenges from health, banking transport and insurance sectors, while proposing innovative mitigation approaches against cyber threats.
S P E A K E R S :
ALISON MARTIN
Group Chief Risk Officer, Member of the Executive Committee, Zurich Insurance Group. Alison has extensive management, financial and commercial experience within the insurance sector. In October 2017, she joined Zurich Insurance Group as a member of the Executive Committee and assumed the role of Group Chief Risk Officer. Alison began her career at PwC in 1995 and worked with insurance clients in audit and advisory roles. She then served in various leading executive positions at Swiss Re from 2003 to 2017.
The talk: Going digital: get ready for a bumpy rideAs companies embark on their digital transformation journey, the use of new technologies and working models are critical to success, yet also pose new security challenges. Opportunities for attackers increase and cybersecurity efforts need to span beyond an organization’s own perimeter; the focus on hygiene, discipline and process, whilst not sounding ‘sexy’ becomes a key differentiator for effective cybersecurity management.
41
MICHEL BOSCO
Adjunct Professor, IAE Graduate School of Management of the University of Nice, CEO, MAM International Consulting.
For many years a senior officer with the European Commission, Michel Bosco is now a researcher, and the director of the MBA in Security, Defense and Space Industries with the IAE Graduate School of Management of the University of Nice. He also advises high-tech companies, public agencies and research organizations as regards to their business development, innovation, investment, and export strategies in the fields of security, defense, and space.
The talk: Sharing data related to transport, health, and other matters, in a safe, smart citySmart Cities use networks of sensors, telephony, satellite data to manage public spaces to improve their infrastructure (transport, health, telecommunication, energy, water supply and waste, waste disposal, education, environment, economic exchange, police, civil protection, …). Safe Cities also implement electronic and physical means to improve the resilience of this infrastructure.
ANDRE SMULDERS
Strategic Advisor Cyber Security.
Ir. Andre (A.C.M.) Smulders CISSP is an expert in the field of cybersecurity with more than 17 years of security experience. He works since 2005 at TNO and is Strategic Advisor Cyber Security for a variety of contractors in both public and private sectors. He has been chairing different expert groups and speaker on national and international symposia. He is the TNO lead expert for the automotive security roadmap.
The talk: Cybersecurity and the changing automotive landscape The effects of digital transformation are also transforming the way we need to look at cybersecurity especially when introducing digital functionality could affect functional safety. This presentation takes the viewpoint of assurance to explain what is changing and where potential gaps are emerging.
42
KUAI HINOJOSA
Chief Security Architect Tom Tom.
Kuai Hinojosa has been assessing and building software security assurance programs for over a decade. At TomTom, Kuai is responsible for managing technical security programs, leading and supporting TomTom’s product security lifecycle. Thereby, managing product security strategies and optimizing assurance activities throughout the organization. Kuai Hinojosa specializes in linking together technical risks and remediation advice, ensuring that software development teams and stakeholders can correctly interpret and act upon software related risks.
The talk: Building resilient softwareThe future is here, we are now building more and more embedded connected systems to power the way we travel, improve our health and monitor our homes. In addition, we are using the strength of data analytics and AI to innovate our technical capabilities. As we continue to evolve in this space, we will continue to face overwhelming challenges in order to maintain data security and privacy, keep our systems secured. In this talk, I will discuss some of the key challenges and fundamental best practices I have experienced to work, in an effort to improve or establish software security capabilities in an organization.
M O D E R A T O R : MARCO MARSELLA
Head of eHealth, Well-Being and Ageing Unit, DG CONNECT, European Commission.
Marco Marsella is Head of the “eHealth, Well-being, and Ageing” Unit in the Directorate General for Communications Networks, Content and Technology (DG CONNECT) of the European Commission. From 2016 to June 2018, Marco Marsella was leading the Unit responsible for the Web Accessibility Directive, Safer Internet and Language Technologies. He has worked on policy development, innovation and research implementation in the areas of digital content, technologies for learning, e-inclusion and assistive technologies.
43
C Y B E R S E C U R I T Y A N D D I G I T A L P R I V A C Y C H A L L E N G E S O F T H E F U T U R E
-Our digital world is evolving. Our economy and society becomes more connected. However, greater connectivity implies more potential cybersecurity risks. How could governments and the industry get prepared in order to tackle the future cybersecurity challenges? How can we use emerging technologies like Artificial Intelligence (AI), quantum computing, blockchain, to identify risks and build strong cybersecurity in the European Union? Going further, what is needed to develop innovative cybersecurity solutions and leverage all the current opportunities? This session will address the above mentioned questions.
S P E A K E R S :
PAUL HOFHEINZ
President and co-founder, The Lisbon Council.
Paul Hofheinz is president and co-founder of the Lisbon Council, an independent, non-partisan think tank and research centre based in Brussels, Belgium. It was founded in 2003.At the Lisbon Council, Mr. Hofheinz manages the association on a daily basis and is responsible for strategic oversight, including growth, publishing and development. He also maintains a personal research programme, writing, publishing and speaking on topics as diverse as artificial intelligence, the future of work, innovation, startups, the knowledge-economy, human capital, growth-company finance, economic reform and European politics. He frequently appears on the BBC, CNBC and Bloomberg, and has written for or been quoted in more than four dozen leading newspapers and academic journals.
The talk: “Societal security: steering towards a safer digital future”
44
YORDANKA IVANOVA
Phd student in EU law, Sofia University “St.Kliment Ohridski”.
Yordanka Ivanova is an acting attorney-at-law in Bulgaria and a PhD candidate in Sofia University “St. Kliment Ohridski”, writing a thesis on GDPR and its application in the context of Big Data and Artificial Intelligence. She has done an LLM in EU Law in Leiden University (Netherlands) and used to work before as a policy officer in the European Commission.
The talk: Challenges to privacy and other fundamental rights in the Big data and algorithmic worldThe session will examine the effects and risks posed by the emerging technologies of Artificial Intelligence and Big data for the fundamental rights to privacy, non-discrimination and others and the solutions and safeguards that must be in place to minimize those risks and negative impacts.
FREDRIK BYNANDER
PhD, Director, Center for Societal Security.
Fredrik Bynander is an Associate Professor of Political Science and Director for the Centre for Societal Security. In 2009-2011 Fredrik was a Special adviser at the Prime Minister’s Office Secretariat for Crisis Coordination. In 2011-2012 he was its head of strategic planning. Fredrik is a member of the Royal Academy of War Sciences, and the Swedish Society for International Affairs.
The talk: Protecting society from hybrid threatsModern societies are afflicted by a multitude of threats, some of which are orchestrated by state actors but many are the results of a spectrum of malign cyber actors to criminal networks. Creating a strategy to deal with and act effectively and proportionally to counter these threats are a growing concern for national governments as well as EU institutions.
ROBERTO G. CASCELLA
Senior Policy Manager, European Cyber Security Organisation (ECSO).
Roberto Cascella is Senior Policy Manager at the European Cyber Security Organisation (ECSO), the contractual counterpart to the European Commission for the implementation of the cybersecurity cPPP. For the ECSO Secretariat, Roberto coordinates the activities of working groups looking at certification related aspects and defining the Strategic Research Innovation Agenda.
45
Before joining ECSO, he worked as Innovation and Research Project Manager and Research Scientist contributing to several EU projects. Roberto holds a Ph.D. (2007) in ICT from University of Trento, an M.Sc. in Telecommunication engineering from Politecnico di Torino and KTH Stockholm (2003).
The talk: Moving towards a trustworthy and resilient European cyber security ecosystem Cyber security is an essential enabling factor for the development and exploitation of digital technologies and innovation and is, therefore, inextricably linked to future prospects for growth, job creation and Europe’s response to environmental and societal goals.The significance of cyber security is an ever-growing issue with political, societal and economic implications.The talk will look at the global trends and the challenges for a trustworthy and competitive European cyber security ecosystem.
M O D E R A T O R :
JAKUB BORATYNSKI
Head of Unit ‘Cybersecurity and Digital Privacy Policy’ within the European Commission in Brussels (Directorate-General Communication Networks, Content and Technology).
Among others involved in the negotiations of the recently adopted Network and Information Security (NIS) directive, the implementation of the EU cyber-security strategy’s actions on resilience, industrial measures and Research and Innovation under H2020, and cooperation with the EU Agency for Network and Information Security (ENISA). He also directly contributed to the production of the new EU Cybersecurity Strategy. Previously Head of Unit ‘Organised Crime and Relations with EMCDDA’ at the European Commission (Directorate-General Home Affairs), which has the lead responsibility for the fight against cybercrime, corruption, sexual abuse of children and confiscation of criminal assets. In relation to cybercrime, involved in negotiation and drafting of two directives (on cyber-attacks and sexual exploitation of children), establishment of the European Cybercrime Centre (EC3) and drafting of the EU Cyber Security Strategy. Previously worked on EU relations with Russia (Directorate-General External Relations).
46